Saturday, November 30, 2013

Security design principles

Security of software systems is all the buzz these days with the emergence of official and unofficial surveillance and hacking. So, one might wonder, why look back 40 years to a 1974 paper on system security principles?

Answer: Some stuff is timeless, and some stuff is still valid after four decades.

We refer, of course, to the classic by Jerome H. Saltzer and Michael D. Schroeder entitled "The Protection of Information in Computer Systems", arguably the most important part of which is the famous list of eight design principles.

Saltzer and Schroeder's Design Principles
Each principle is stated about the "protection mechanism", so read every line below as "The protection mechanism ..."

Principle of Economy of Mechanism
... should have a simple and small design.

Principle of Fail-safe Defaults
... should deny access by default, and grant access only when explicit permission exists.

Principle of Complete Mediation
... should check every access to every object.

Principle of Open Design
... should not depend on attackers being ignorant of its design in order to succeed. It may, however, depend on the attacker not knowing specific secrets such as passwords or cipher keys.

Principle of Separation of Privilege
... should, where possible, require more than one key or condition to be satisfied before granting access: a mechanism that needs two keys to unlock is more robust than one that needs a single key.

Principle of Least Privilege
... should force every process to operate with the minimum privileges needed to perform its task.

Principle of Least Common Mechanism
... should minimize the amount of mechanism shared among users, since every shared mechanism is a potential information path between them.

Principle of Psychological Acceptability
... should be easy to use, so that users routinely and automatically apply it correctly; a mechanism that is harder to use than to bypass will be bypassed.
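To make three of these principles concrete, here is an added example written for this post (it is not code from the Saltzer and Schroeder paper): a toy reference monitor in Python. Every access to every object passes through one `_mediate` method (complete mediation), a missing ACL entry is a denial rather than a grant (fail-safe defaults), and deletion needs two distinct rights holders (separation of privilege). The `ReferenceMonitor` class, its method names, and the subjects, objects and access-control entries in `demo()` are constructed sample data and assumptions of this example, not anything from the paper.

```python
"""Toy reference monitor illustrating three Saltzer & Schroeder principles.

Added example for this post; not code from the 1975 paper. All subjects,
objects and ACL entries below are constructed sample data.
"""
from typing import Dict, Iterable, List, Set, Tuple

AuditEntry = Tuple[str, str, str, str]  # (subject, object, action, decision)


class AccessDenied(PermissionError):
    """Raised for every access that is not explicitly permitted."""


class ReferenceMonitor:
    def __init__(self) -> None:
        # ACL: (subject, object) -> set of actions explicitly granted.
        self._acl: Dict[Tuple[str, str], Set[str]] = {}
        self._store: Dict[str, str] = {}
        self.audit: List[AuditEntry] = []

    # --- administration (assumed API of this example) ----------------------
    def create(self, obj: str, contents: str = "") -> None:
        # A new object starts with no ACL entries: nobody, not even the
        # creator, can touch it until an explicit grant exists.
        self._store[obj] = contents

    def grant(self, subject: str, obj: str, action: str) -> None:
        self._acl.setdefault((subject, obj), set()).add(action)

    def revoke(self, subject: str, obj: str, action: str) -> None:
        self._acl.get((subject, obj), set()).discard(action)

    # --- the single choke point --------------------------------------------
    def is_permitted(self, subject: str, obj: str, action: str) -> bool:
        """Fail-safe defaults: a missing entry or a missing object is a
        denial. There is no "allow unless blacklisted" path and no wildcard."""
        return obj in self._store and action in self._acl.get((subject, obj), set())

    def _mediate(self, subject: str, obj: str, action: str) -> None:
        """Complete mediation: invoked on every operation and never cached,
        so a right revoked after an earlier successful access is enforced on
        the very next access."""
        decision = "allow" if self.is_permitted(subject, obj, action) else "deny"
        self.audit.append((subject, obj, action, decision))
        if decision == "deny":
            raise AccessDenied(f"{subject} may not {action} {obj}")

    # --- mediated operations -----------------------------------------------
    def read(self, subject: str, obj: str) -> str:
        self._mediate(subject, obj, "read")
        return self._store[obj]

    def write(self, subject: str, obj: str, data: str) -> None:
        self._mediate(subject, obj, "write")
        self._store[obj] = data

    def delete(self, approvers: Iterable[str], obj: str) -> bool:
        """Separation of privilege (two-person rule): deletion requires two
        distinct subjects that each hold 'delete' on the object. One subject
        presenting its name twice is still a single key."""
        holders = {s for s in set(approvers) if self.is_permitted(s, obj, "delete")}
        who = "+".join(sorted(holders)) if holders else "+".join(sorted(set(approvers)))
        if len(holders) < 2:
            self.audit.append((who, obj, "delete", "deny"))
            return False
        self.audit.append((who, obj, "delete", "allow"))
        del self._store[obj]
        return True


def attempt(rm: ReferenceMonitor, subject: str, obj: str, action: str, data: str = "") -> str:
    """Run one mediated read or write and report the decision as a string."""
    try:
        if action == "read":
            rm.read(subject, obj)
        else:
            rm.write(subject, obj, data)
        return "allow"
    except AccessDenied:
        return "deny"


def demo() -> List[AuditEntry]:
    """Constructed scenario; returns the monitor's audit trail."""
    rm = ReferenceMonitor()
    rm.create("payroll.db", "salary table")       # nobody can touch it yet
    rm.grant("alice", "payroll.db", "read")
    rm.grant("alice", "payroll.db", "write")
    rm.grant("bob", "payroll.db", "read")
    rm.grant("alice", "payroll.db", "delete")
    rm.grant("bob", "payroll.db", "delete")

    attempt(rm, "bob", "payroll.db", "read")          # allow: explicit grant
    attempt(rm, "bob", "payroll.db", "write", "x")    # deny: never granted
    attempt(rm, "carol", "payroll.db", "read")        # deny: no entry at all
    rm.revoke("bob", "payroll.db", "read")
    attempt(rm, "bob", "payroll.db", "read")          # deny: revocation is immediate
    rm.delete(["alice", "alice"], "payroll.db")       # deny: same key twice
    rm.delete(["alice", "bob"], "payroll.db")         # allow: two distinct holders
    return rm.audit


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

The point to take from the shape of the code, rather than its specifics, is that there is exactly one place where "is this allowed?" is answered, that place answers "no" whenever it cannot find a reason to say "yes", and nothing downstream remembers an earlier answer. Most real-world mediation bugs are violations of one of those three properties.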

Check out these books I've written in the library at Square Peg Consulting